ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can be then misused to conduct fraudulent transactions. Thousands more could be at risk as there is quite a lengthy list of other banks located in many other countries in this malware’s crosshairs. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The Retefe malware, suspected as the main culprit in the Tesco attack, is a perfect example of the thorough, professional attacks hitting the internet today. Retefe thinks of everything. It targets many banks other than Tesco. It makes the fake website appear secure to relax the user expecting to see “https” and the browser’s indication that things are good. Retefe even has a mobile component to take over codes sent to your phone. Too many people still think the bad guys are loners in basements. But when there is profit motive, it’s more likely that the bad guys are calculating, patient pros who can be recognized by the high quality of their work like Retefe.
The reason Retefe malware and others like it are so dangerous is that they completely compromise one end of a secure communication. If you and I talk on the phone, only one of our phones needs to be bugged for the bad guy to capture both sides of our conversation. If the bad guy owns your machine, you can put all the security you want on the server and it won’t matter. When you have the user change their password, the bad guy sees it. When you switch up the website process, the bad guy sees that too and can emulate it. The only thing that can be truly effective is a very diligent end user who knows what to look for. That means all the banks can do is offer tips on how to spot the fake sites collecting user data that the malware creates and hope the user is diligent enough to learn and watch for signs of the bad guys at work.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.